Sangfor Operation and Maintenance Security Management System Command Injection Vulnerability in Fort Audit Log Controller

A command injection vulnerability has been identified in the Sangfor Operation and Maintenance Security Management System (OSM) in versions prior to 3.0.12. The issue resides in the FortAuditLogController, specifically within the HTTP POST request handler for the endpoint '/fort/audit/get_clip_img'. The vulnerability allows remote attackers to inject commands by manipulating the 'frame' and 'dirno' parameters, which are not properly sanitized before being executed as shell commands. This exploitation can lead to unauthorized command execution on the server.

Impact

Exploitation of this vulnerability allows for remote command execution on the affected system, with the executed commands running under the privileges of the web user.

Reproduction

To reproduce this vulnerability, send a POST request to '/fort/audit/get_clip_img' with the 'ip' parameter set to 'local'. Include a crafted 'frame' parameter that contains injected commands, using shell metacharacters to terminate the original command and execute the injected one. The 'dirno' parameter can also be manipulated, but the 'frame' parameter is the primary injection point.